Assigning the task of updating best practices can also help employees with gap assessments of their own skills. By reviewing current best practices and updating them, employees may be able to articulate better areas where they lack knowledge or familiarity.
Cybersecurity and other known risks require constant refinement and review. Best practice documents can be helpful in insulating assets from risk and, since they can be used as benchmarks, limiting liability. Yet, keeping up with changes to best practices can be daunting. If your plan administrator and HR department are thinking of updating their best practices library and worry about the resources needed, you may have a secret weapon in this process: career development.
Before moving forward on any process to obtain or update best practices, it’s helpful to agree on the definition of what a best practice is. “Best practices are sets of methods and techniques that produce optimal results, increase efficiency, and develop structured processes. Many industries and professions use best practices to streamline work and adhere to industry standards.”[1] Another important step is to get everyone to agree on why best practices are useful. “[M]any attempts to propagate best practices across organizational boundaries meet with failure. Obstacles range from team-level protectionism to organizational structure and old habits of thought.”[2] Experts suggest that when creating a process to continually update best practices, management may want to emphasize how those best practices contribute to employees work experience, including their protective or expedient impacts.
Best practices can be created internally, by organizational management or externally, by industry trade groups or as suggested by regulators. For example, the Department of Labor has a best practices document that provides guidance to plan sponsors on cybersecurity. It makes suggestions such as having an annual audit of security controls and making sure that data assets stored in the cloud are subject to independent security risk assessments.[3] Insert trade association example. Insert company example.
Agreeing to what a best practice is and where to find them is a smart start, but understanding and undertaking the updating of those best practices calls for different resources. If a department or organization is starting from scratch, collecting, and updating best practices may favor researching trade associations and regulators. Management may also want to consider having employees attend industry workshops and educational events presented by vendors. On the other hand, if a best practice library exists but isn’t currently up to date or could benefit from a remodel to make it more user friendly, employees may need to survey how departments and systems rely on the existing best practices. How the best practices are used is also critical. Unless they are made available to employees, they may not change their behavior, especially in terms of cybersecurity.[4]
By asking newer employees to collect and synthesize best practices, those employees have opportunities to learn cross-divisional functions. They may also have opportunities to interact with more senior employees in those other divisions due to their expertise on specific processes. Experts suggest using proactive language around the use of best practices to help enhance the shared value of creating and collecting them.[5]
Best practice research also allows those collecting and synthesizing them to learn specific skills as well as appreciate how specific steps fit into a larger process. “Best practices serve as a roadmap for a company on how to do business and provide the best way to deal with problems and issues that arise.”[6] Having a roadmap for business processes, especially for cybersecurity concerns, can help employees appreciate their role in an integrated process. For example, a best practice on removing autofill from online forms may seem small on its own. Yet, in the event a plan administrator must inform participants about an upcoming black out period and has a limited time to do so, the need for address precision brought by not allowing autofill can be helpful. In this way, best practice updating can help integrate career education for entry level employees.
Assigning the task of updating best practices can also help employees with gap assessments of their own skills. By reviewing current best practices and updating them, employees may be able to articulate better areas where they lack knowledge or familiarity. On their own, staff may not be able to identify their own knowledge area weaknesses. Updating best practices may assist them in reviewing knowledge areas for their own comfort with the subject matter. This can accelerate learning and may help employees feel more engaged. Even a simple process like updating a glossary of terms, a recommendation by several cybersecurity experts, can reinforce knowledge areas for entry-level employees.
[1] https://www.indeed.com/career-advice/career-development/what-are-best-practices
[2] https://thesystemsthinker.com/putting-best-practices-into-practice
[4] https://cybriant.com/10-ways-to-reduce-your-organizations-network-security-risk
[5] https://thesystemsthinker.com/putting-best-practices-into-practice
[6] https://www.investopedia.com/terms/b/best_practices.asp
These articles are prepared for general purposes and are not intended to provide advice or encourage specific behavior. Before taking any action, Advisors and Plan Sponsors should consult with their compliance, finance and legal teams.
Before leaping into the unknown, we recommend a thorough examination of your plan. Because we are experts in the field, we know the marketplace and know what your existing vendor is capable of offering. Through this examination, we can help you optimize the service you receive.
get xpress proposal
